Add cgroup limiting to Linux Executor

[catsby]

Spike at adding some basic cgroup limits based off of the Tasks Resources

/cc @cbednarski

[catsby]

I've updated this PR to move Limit() after Start()in the Exec Driver, and some other cleanups for limiting with cgroups.

I have not looked into any kind of hooks yet.
/cc @dadgar @cbednarski

[dadgar]

Yeah it doesn't seem like there is a good way to do it with the Manager. The Apply method is actually creating the cgroups. You could just keep Limit the same but move the Apply call on the manager to the Start method.

[cbednarski]

I'm curious what corollary, if any, exists in Windows or FreeBSD. We may have to change this around later anyway, so for now if it's simpler / faster / easier to swap Start and Limit let's do that to save time. We can switch it back later if we need to.

[cbednarski]

I think this should be 2048

[dadgar]

Well there is actually a slightly bigger problem with the way it is done now:
Call Start() -> spawns PID 10
10 can fork/exec() -> creating PID 11
Then we Limit(10) to a cgroup but 11 has escaped it.

That is why you want to build the cgroup first and then launch the pid into the group rather than joining it.

[dadgar]

Update from slack discussion: Will go with the double fork approach where the intermediate process joins the cgroup, launches the desired process, sending over the child pid to the original process and then killing itself.

I will be implementing this

[catsby]

Will you be building off this and sending a PR here, or should I close this?

[dadgar]

Yeah I am building on that branch! Thanks for asking!
On Wed, Sep 16, 2015 at 6:29 PM Clint [email protected] wrote:

Will you be building off this and sending a PR here, or should I close
this?

—
Reply to this email directly or view it on GitHub
#52 (comment).

[dadgar]

Closed in favor of #68

[github-actions]

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.